PerlMonks  

Re: RFC: Identity Based Cryptography

by blokhead (Monsignor)
on Dec 12, 2006 at 16:06 UTC [id://589310]


in reply to Identity Based Encryption using Pairings and Crypt::PBC

Wow, after using bilinear pairings all semester, Perlmonks is the last place I expected to see them pop up! It's always nice to see someone trying to put the latest theory into practice, and in Perl no less.

IBE allows for other really neat encryption ideas that I think are great. Consider an IBE system that's run at your company. Of course you can encrypt messages to Bob using his email address "bob@acme.com" as the public key. But you can also pass little "notes" to the public authority as part of the encryption key. Think of encrypting a message using something like "bob@acme.com:after2006-12-31:security3" as the public key. When Bob authenticates to the trusted authority to get the corresponding decryption key, the authority will only decide to give it to him if the date is after 12/31 and if he still has security clearance 3.

By dating all the encryption keys in this way, it gives an extra level of security from a hacker who steals your decryption keys. The stolen keys will only work for a small window of time, as long as the senders "postmark" their messages like in that example. IBE allows us to delegate some pretty sophisticated policies to the authority.

I'd also just like to elaborate on what these "pairings" do (only at a high level), since I doubt many monks have been exposed to them. You can think of the elements of a cyclic group as g^a and g^b, where a & b are integers in some range (and g is some special element of the group). If you had two such elements, you could multiply them together to get g^(a+b), so you can always perform additions in the exponent. But schemes like ElGamal and Diffie-Hellman key exchange work on the principle that if you don't know a & b, you only know g^a and g^b, then it's hard to compute g^(ab). So multiplications in the exponent are hard.

Pairings work by flipping this principle on its head. Now suppose you had a group where you could do those kinds of multiplications in the exponent efficiently (that's exactly what the pairing function does). But there's a catch -- you can only do one multiplication. This limitation is because the result of the multiplication has a slightly different form, which does not allow you to make any additional multiplications. But still, with such a pairing function, you can base a cryptosystem on the hardness of computing g^(abc) when given g^a, g^b, g^c. This extra level of algebraic freedom lets us design many more interesting cryptosystems.

Cheers, and thanks for posting this sneak-peek into the frontier of crypto research ;)

blokhead
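The two ideas in the post above, a bilinear map that lets you do exactly one multiplication in the exponent and an authority that enforces a policy embedded in the identity string before handing out a decryption key, are shown together in the following added example. It is not code from the original thread, from blokhead, or from Crypt::PBC. It follows the shape of the Boneh-Franklin BasicIdent scheme (Setup, Extract, Encrypt, Decrypt), but the "pairing" is a stand-in: a tiny prime-order subgroup of Z_p^* in which discrete logs are brute-forced so that e(g^a, g^b) = g^(ab) can be computed directly. That makes the bilinearity visible, and also means the code has no security whatsoever (anyone can recover every exponent); a real deployment uses a pairing-friendly elliptic curve and a hash-to-curve function. The identity format "user:afterYYYY-MM-DD:securityN", the clearance table and the date values are constructed for the demo.

```python
import hashlib
import secrets
from datetime import date

# Toy group: prime P = 2*Q + 1, G generates the order-Q subgroup of Z_P^*.
# Q is tiny on purpose so that dlog() below is a trivial loop; that loop is
# what stands in for a real bilinear pairing (and why this has no security).
P = 1019
Q = 509
G = 4  # 2^2 mod P has order Q


def dlog(x):
    """Brute-force discrete log base G; feasible only because Q is tiny."""
    y = 1
    for a in range(Q):
        if y == x:
            return a
        y = (y * G) % P
    raise ValueError("element not in the order-Q subgroup")


def pairing(x, y):
    """Toy bilinear map e(G^a, G^b) = G^(ab): one multiplication in the exponent.

    The result lives in the 'target group' (here, the same group for brevity);
    feeding it back into pairing() would be a second multiplication, which
    real pairings do not permit."""
    return pow(G, (dlog(x) * dlog(y)) % Q, P)


def h1(identity):
    """Map an identity string to a group element Q_id.

    Toy only: a real H1 maps to a curve point with unknown discrete log; here
    the exponent is public, so d_id could be computed from P_pub alone."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return pow(G, h % Q, P)


def h2(target_element, length):
    """Derive a keystream of `length` bytes from a target-group element."""
    return hashlib.shake_256(str(target_element).encode()).digest(length)


def setup():
    """Authority: choose master secret s, publish P_pub = G^s."""
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)


def encrypt(p_pub, identity, message):
    """Sender needs only P_pub and the (policy-carrying) identity string."""
    r = secrets.randbelow(Q - 1) + 1
    u = pow(G, r, P)
    shared = pow(pairing(h1(identity), p_pub), r, P)  # e(Q_id, G^s)^r
    v = bytes(m ^ k for m, k in zip(message, h2(shared, len(message))))
    return u, v


def decrypt(d_id, ciphertext):
    """e(d_id, U) = e(Q_id^s, G^r) = e(Q_id, G)^(sr), the same shared value."""
    u, v = ciphertext
    shared = pairing(d_id, u)
    return bytes(c ^ k for c, k in zip(v, h2(shared, len(v))))


# Constructed clearance database for the authority's policy check.
CLEARANCE = {"bob@acme.com": 3}


def extract(msk, identity, today, clearance=CLEARANCE):
    """Authority: issue d_id only if the policy in the identity is satisfied.

    Identity format (constructed for this demo): user:afterYYYY-MM-DD:securityN
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    user, after, level = identity.split(":")
    not_before = date.fromisoformat(after.removeprefix("after"))
    needed = int(level.removeprefix("security"))
    if today < not_before:
        raise PermissionError(f"{identity}: key not issued before {not_before}")
    if clearance.get(user, 0) < needed:
        raise PermissionError(f"{identity}: clearance {needed} required")
    return pow(h1(identity), msk, P)  # d_id = Q_id^s


if __name__ == "__main__":
    msk, p_pub = setup()
    ident = "bob@acme.com:after2006-12-31:security3"
    ct = encrypt(p_pub, ident, b"pairings on perlmonks")
    for day in ("2006-12-01", "2007-01-15"):
        try:
            d_id = extract(msk, ident, day)
            print(day, "->", decrypt(d_id, ct))
        except PermissionError as err:
            print(day, "->", err)
    # A key issued for one postmark is useless for a message with another one,
    # which is the "small window of time" point about stolen decryption keys.
    later = encrypt(p_pub, "bob@acme.com:after2007-01-31:security3", b"later")
    print("stale key on later postmark:", decrypt(d_id, later))
```

Running the script shows the authority refusing the key on 2006-12-01, issuing it on 2007-01-15, and that key producing garbage for a message postmarked "after2007-01-31". The pairing() function is where to look for the post's "one multiplication" remark: its inputs are ordinary group elements but its output is treated as a target-group value that is only ever exponentiated or hashed, never paired again.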

Re^2: RFC: Identity Based Cryptography
by jettero (Monsignor) on Dec 12, 2006 at 17:34 UTC
    Thanks for your kind note and your helpful comments. ... was there a textbook for the course? If there was, could I get the ISBN — iff it was any good I mean. (edit: apparently this stuff is too new to have textbooks, but blokhead (a phd student) pointed me to this: Survey of PBC protocols, which is quite wonderful.)
      Excellent work - well done and thanks! I'd love to see similar work on IBS schemes.
